CISSP-8 Application Security Development
The application security development mind map for the CISSP (Certified Information Systems Security Professional) certification mainly covers application development learning objectives, system development security, software development models, programming languages and concepts, typical application systems, and evaluating the effectiveness of software security.
Edited at 2021-11-10 12:06:10
Application security development
Application Development Learning Objectives
Software Development Lifecycle Security
Software development life cycle approach
maturity model
Operation and maintenance
Change management
Integrated product team
Security controls in development environments
Security of the software environment (programming languages, libraries, toolkits, integrated development environment, runtime);
Source code level security weaknesses and vulnerabilities
Configuration management as an important component of secure coding
Application interface security
Software security effectiveness
Audit and log changes
Risk analysis and mitigation (Corrective Action, Testing and Validation, Regression Testing)
User acceptance testing
Application development concerns
architectural patterns
Three-tier architecture
user
front end
Complex middleware
database
Bug tracking and security features
client/server
Client: user interface, local database operations, communication mechanism
Server: Execute and process data requests and return results
browser/server
Environmental controls vs. application controls
Balance between multiple control methods
Understand the boundary between environmental controls and application controls
Security vs. functionality
Balance between software functionality and security measures
Balance between functional requirements, security requirements and security mechanisms
Security vs. user experience
Usually inversely related
Security functions vs. configuration security
A default installation does not guarantee security
Secure configuration not enabled (access should be denied by default)
Failure to follow the minimal installation principle
Patches applied late, after installation
System development security
SDLC
Project initiation
Clarify requirements and determine the basic security objectives of the product
Risk analysis and assessment: assess threats and vulnerabilities, estimate the cost/benefit ratio of different security countermeasures
Risk management
Risk analysis
Requirements analysis
Security requirements
System or application functional requirements
standards and guidelines
export restrictions
Data sensitivity level
Related security policies
Cost/benefit analysis results
Level of protection required to achieve goals
The project development and requirements management team conducts complex analysis of current and likely future functional requirements to ensure the new system meets end-user requirements
Project team members will also review the documents output during the initial phase of the project and revise and update them as needed.
For relatively small projects, the above processes are often included in the initial stages of the project.
Security requirements should also be formed accordingly. (Security requirements are determined during the requirements analysis phase, Security personnel must be involved during the requirements stage)
system design
Software development as part of system design
Hardware is different from software
Generally, the functions implemented by software are decided during system design.
Verification of software must take into account all the context in which the system is designed
Consider the specifications
The difference between software and hardware
Software can have branches, and software can execute different commands based on different inputs, so software is complex;
Software is not physical and therefore does not wear out;
Software can be changed easily and quickly;
The software development process should be fully planned, controlled, and recorded to detect and correct unexpected results caused by software changes.
Software components are not standardized and replaceable as often as hardware.
Tools for describing user requirements and system internal behavior
Includes all activities related to system and software design.
Design system architecture, system outputs and system interfaces
Establish data input, data flow and data output requirements, and generally design software security features based on the company's security architecture.
Design
Data design
Takes the data from the data design and information model and converts it into data structures
Architecture design
Defines the main structures and relationships between application components
process design
Convert structured components into descriptive processes
security design approach
Threat Modeling (STRIDE)
Attack surface minimization analysis
Sanitize input and output
Questions to consider
Work breakdown structure (WBS) for subsequent phases
Details of the product and the environment in which it is implemented
Product modularization and reuse issues
Software development and implementation
The main work
Source code has been generated and test scenarios and test cases have been developed accordingly
Start implementing unit and integration testing
Procedures and systems also begin to be documented for maintenance and then move to acceptance testing and production transition
Test type
unit test
Verify data structure, logic and boundary conditions
Integration Testing
Verify that components work together according to design specifications
System test
Function/Performance
Acceptance Test
Ensure code meets customer needs
Regression Testing
After system changes are made, re-test to ensure functionality, performance and protection levels are maintained
Functional testing
Performance testing
Load testing
Stress testing
Fuzz testing
Sends malformed or random data to the software to trigger errors. Mainly used to identify buffer overflows, DoS conditions, injection flaws, validation errors and other faults that may cause the software to hang or crash.
Vulnerability scanning
Uses automated tools to check for common program errors, such as strong-typing errors, development and configuration errors, transaction sequence faults and mapping trigger conditions; manual investigation is usually required after the scan.
Manual testing
Testers analyze a program using human experience and intuition, often aided by computer tools, to locate design errors such as logic errors. Includes penetration testing.
Dynamic analysis
Dynamic analysis examines a running program in real time. It is usually performed after static analysis, once the basic problems in the program have been fixed.
Separation of environments and separation of responsibilities
Verification
Ensures the product specifications are met
Validation
Ensures the main objectives of the project are met
Focuses on how the developed system or application is used and operated
Certification
A security evaluation of the technical and non-technical security features of an IT system and its safeguards, measuring how well a specific design and implementation meets a defined set of security requirements, in support of the accreditation process.
A process of examining and evaluating security controls
Performed by an external, independent assessment body
Confirms compliance with security policies and standards
Accreditation
An authoritative body formally declares that an IT system is approved to operate in a specific security mode, using a defined set of safeguards, at an acceptable level of risk
Management’s approval of the system
clear acceptance of risk
Migrations and fixes
At this stage, the system transitions from the acceptance stage to the real production environment.
Activities in this phase include obtaining security accreditation;
Train users according to plan;
Implement the system, including installation and data conversion;
If necessary, perform parallel operations.
Operation and Maintenance
Correctly configure the security environment
Continuously conduct vulnerability testing, monitor system activity and audit events (A vulnerability is discovered during the maintenance phase and the action taken is to report)
If major changes occur, perform a risk assessment, and perform certification and accreditation processes (re-certification, re-accreditation)
Disposal
Destroy data according to its sensitivity.
Destruction methods
Physical destruction
Degaussing
Overwriting
Systems Engineering Life Cycle (SELC)
Requirements analysis, design, implementation, verification, operation
Change and configuration management
Capability Maturity Model (CMM)
Initial (Ad hoc)
Repeatable
Defined
Managed (Managed, metric)
Optimizing (continuous improvement)
Capability Maturity Model Integration (CMMI)
Levels 1, 3 and 5 are the same as in CMM; level 2 is Managed and level 4 is Quantitatively Managed
Integrated product team
Integrated Product and Process Development (IPPD)
Management techniques that optimize design, manufacturing and support processes by integrating all necessary acquisition activities simultaneously using multi-discipline teams
IPPD facilitates meeting cost and performance targets from product concept to production, including on-site support
A key principle of IPPD is the multidisciplinary collaboration model of Integrated Product Teams (IPTs)
IPT
Representatives from all functional disciplines work with the Team Leader to build successful and balanced programs, identify and solve problems, and make sound and timely decisions
Team members may not necessarily contribute 100% of their time to the project, and a member may be on multiple IPT teams.
The purpose of IPTs is to make team decisions based on real-time input from all functions (e.g. project management, engineering, manufacturing, test, logistics, financial management, procurement and contract management), including customers and suppliers
IPT members are drawn from the project-manager level, including members from the enterprise and from system/subsystem contractors
A typical IPT is at the program level and may, for example, consist of the following functional disciplines: design engineering, manufacturing, systems engineering, test and evaluation, subcontracting, quality assurance, training, finance, reliability, maintainability, support, procurement, contract management, suppliers and customers.
DevOps
concept
Principles
Develop and test on production-like systems
Deploy with a repeatable, reliable process
Monitor and verify operational quality
Expand the feedback loop
software development model
waterfall model
Planning, requirements analysis, software design, program writing, software testing, operation and maintenance
spiral model
Structured programming development
Iterative development
Prototype model
Throwaway prototype
Evolutionary (improved) prototype
Rapid prototyping
Exploratory model
Joint Application Development (JAD)
Rapid Application Development (RAD)
Reuse model
Cleanroom
Component-based development
Agile development
Extreme Programming XP
Scrum
Lean
The four values of the Agile Manifesto
Individuals and interactions over processes and tools; working software over comprehensive documentation; customer collaboration over contract negotiation; responding to change over following a plan
Programming languages and concepts
structured programming
Top-down analysis and design; Bottom-up, step-by-step implementation
User-oriented perspective, strictly distinguish work stages
Disadvantages: long development cycle, cumbersome and complex development process, auditing is more difficult, and communication with users is not intuitive.
object-oriented programming
Composed of two parts: classes and objects.
Class
A class defines the abstract characteristics of a thing
A class defines the properties of a thing and what it can do (its behavior)
The methods and properties of a class are called "members"
Object
An object is an instance of a class.
The system allocates memory to objects but not to classes; classes are abstract, and the system cannot allocate space to something abstract, whereas objects are concrete.
Object = attributes + methods
Attributes:
Describe the structure and state characteristics of the object
Methods:
The functions or procedures that an object can perform
Communication between objects: message passing
Polymorphism
Encapsulation
The simplest way to understand encapsulation is packaging: the properties and implementation details of an object are hidden and only its interface is exposed, so the object's internal state is invisible to the outside world.
Hides object information
Public members
Private members
Inheritance
A mechanism for creating one or more subtypes from an existing class.
Software Architecture
data structure
Representation of logical relationships between data elements
scalar
linked list
hierarchical tree
cohesion and coupling (high cohesion, low coupling)
cohesion
Reflects how many different types of tasks a module can perform
The higher the cohesion, the easier it is to update and modify the module without affecting the other modules it interacts with
coupling
How much interaction a module needs to perform its tasks
Low coupling makes it easier to reuse, and modifications will not affect other modules.
Distributed Computing
Common Object Request Broker Architecture (CORBA)
Microsoft COM/DCOM model
EJB
API
API is a connector for IoT (Internet of Things) that allows devices to connect to each other
Representational State Transfer (REST) API
Usage advice from REST security experts
Three secure paths for REST APIs
Typical application system
Web security
Information gathering
Administrative interfaces
Authentication and access control
Input validation
response
Buffer overflow attack
XSS cross-site scripting attack
SQL injection attack
Parameter validation (Parameter validation)
Session management (Session management)
Database management
database management system (DBMS)
Assemblies that manage and control data access
Organizes and stores data in a defined format, in record files that users can access, manage and update
Focus: Data collection, storage, recovery
Most concerned with integrity, followed by availability, and finally confidentiality
metadata
Essence: Data about data
Key data related to data source definition, target definition, conversion rules, etc.
Features:
data consistency
Operations must comply with each database's integrity policy, Complete transaction data consistent
data sharing
Multiple users can access the database at the same time. With concurrency control
Data Recovery
In the event of an error or system crash, the system can be recovered: transactions in progress at the time of the crash are rolled back, or transactions that had already completed are rolled forward, to maintain data consistency.
Checkpointing is a common recovery technique
Security control
Provides various security controls to restrict user access
database language
Data Definition Language (DDL), For example: CREATE, DROP, ALTER and other statements.
Data Manipulation Language (DML), For example: SELECT (query), INSERT (insert), UPDATE (modify), DELETE (delete) statements.
Data Control Language (DCL), For example: GRANT, REVOKE and other statements.
Transaction Control Language (TCL), for example: COMMIT, ROLLBACK and other statements.
Methods for ensuring efficiency
Compression: compresses data to save storage space and I/O
Reorganization: reclaims unused space
Restructuring: adds and changes records, data, access controls, disk configuration and processing capacity
Database model
hierarchical database model
A logical tree structure consisting of records and fields that are related in the logical tree structure
A tree structure contains many branches, each branch has many leaves or data fields
Access requires a clear path, Not suitable for frequent changes, suitable for frequent queries
Example: Lightweight Directory Access Protocol LDAP, registry structure
Network database model
Use directed graphs to represent entity types and relationships between entities. A network-like redundant structure, not a strict tree structure
Each data element has multiple parent nodes and child nodes
Faster retrieval compared to hierarchical models
relational database model
Features: attributes/fields (columns) and tuples/records (rows)
Combination of Cartesian products
Primary and foreign keys
The primary key uniquely identifies a record
Foreign key: If an attribute value in one table matches a primary key in another table, and a certain relationship is established, then this attribute is regarded as a foreign key
Basic components:
Data Definition Language (DDL)
Define the database structure (Structure) and data structure (Schema)
Structure: Describes the size of the table, the location of keys, views, and data element relationships
Schema: describes the data types and their properties that the database stores and operates on
Define the organization, access operations, and integrity procedures of the database
Data Manipulation Language (DML)
User operation command
Data Control Language (DCL)
Create user access and authorization objects
Query Language (QL)
Make a query request to the database
report generator
Data process output in user-defined manner
Relational integrity (RDBMS)
Entity integrity
Each record is uniquely identified by its primary key value
Semantic integrity
Ensures that structural and semantic rules are followed and prevents semantically incorrect data from entering the database; enforced through constraints and rules
Referential integrity
No database record may reference a non-existent primary key. If a record whose primary key is referenced is deleted, all records referencing it must also be deleted (foreign key).
Data Dictionary:
It is a central library that describes data elements and their relationships. Can store key information such as data usage, data relationships, data sources and data formats
The data dictionary is a centralized management part that controls database data. Describes cross-references between data elements and databases
Describes a collection of data element definitions, schema objects, and reference keys
Schema objects include tables, views, indexes, procedures, functions, and triggers
The data management software reads the data dictionary to determine whether a module exists and to check the access permissions of a specific user process; it also defines the view permission settings for each user.
Update the data dictionary when new records, tables, views or schemas need to be added
object-oriented database model
Combining the object data model in object-oriented programming with DBMS, Can store image, voice, video and other data.
Object-oriented databases use classes to define the properties and procedures of their objects
object-relational database model
Database programming interface
Open Database Connectivity (ODBC)
Object Linking and Embedding Database (OLE DB)
ActiveX Data Objects (ADO)
Java Database Connectivity (JDBC)
Database Vulnerabilities and Threats
Integrity
Rollback
Terminates the current transaction, cancels its changes and restores the previous state
Commit
Terminates the current transaction and makes the user's modifications permanent; if it cannot complete successfully, the transaction is rolled back
Savepoint/checkpoint
If an error is detected, the user can return to the corresponding point.
Use locking mechanisms to handle the threat posed by concurrent operations
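As an added worked example (not part of the original mind map), the following Python script uses SQLite to exercise the DDL/DML/TCL statement classes and the relational integrity rules listed above: a primary key for entity integrity, a CHECK constraint for semantic integrity, a foreign key for referential integrity, plus ROLLBACK and SAVEPOINT for transaction control. The table and column names are constructed for illustration; SQLite has no GRANT/REVOKE, so DCL is not shown.

```python
import sqlite3

# Constructed schema (DDL): department is the parent table, employee references it.
DDL = """
CREATE TABLE department (
    dept_id INTEGER PRIMARY KEY,                 -- entity integrity: unique, non-null key
    name    TEXT NOT NULL
);
CREATE TABLE employee (
    emp_id  INTEGER PRIMARY KEY,                 -- entity integrity
    name    TEXT NOT NULL,
    salary  INTEGER NOT NULL CHECK (salary > 0), -- semantic integrity rule
    dept_id INTEGER NOT NULL REFERENCES department(dept_id)  -- referential integrity
);
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores foreign keys unless enabled
    conn.executescript(DDL)
    return conn


def try_exec(conn, sql, params=()):
    """Run one DML statement; report whether an integrity rule rejected it."""
    try:
        conn.execute(sql, params)
        return True, None
    except sqlite3.IntegrityError as err:
        return False, str(err)


def demo_integrity() -> dict:
    """Exercise entity, semantic and referential integrity. True = statement accepted."""
    conn = open_db()
    results = {}
    conn.execute("INSERT INTO department VALUES (10, 'Security')")
    ins = "INSERT INTO employee VALUES (?, ?, ?, ?)"
    results["insert_ok"], _ = try_exec(conn, ins, (1, "Ada", 5000, 10))
    # Entity integrity: a second row with the same primary key is rejected
    results["dup_pk"], _ = try_exec(conn, ins, (1, "Bob", 4000, 10))
    # Referential integrity: department 99 does not exist
    results["bad_fk"], _ = try_exec(conn, ins, (2, "Bob", 4000, 99))
    # Semantic integrity: CHECK constraint rejects a non-positive salary
    results["bad_check"], _ = try_exec(conn, ins, (3, "Cy", 0, 10))
    # Referential integrity on delete: the parent is still referenced by employee 1
    results["delete_referenced_parent"], _ = try_exec(
        conn, "DELETE FROM department WHERE dept_id = 10")
    results["rows_after"] = conn.execute("SELECT COUNT(*) FROM employee").fetchone()[0]
    conn.close()
    return results


def demo_transactions():
    """TCL: ROLLBACK undoes a whole transaction; ROLLBACK TO undoes back to a savepoint."""
    conn = open_db()
    conn.execute("INSERT INTO department VALUES (10, 'Security')")
    conn.execute("INSERT INTO employee VALUES (1, 'Ada', 5000, 10)")
    conn.commit()
    conn.execute("UPDATE employee SET salary = 9000 WHERE emp_id = 1")
    conn.rollback()  # whole transaction cancelled, previous state restored
    after_rollback = conn.execute("SELECT salary FROM employee WHERE emp_id = 1").fetchone()[0]
    conn.execute("UPDATE employee SET salary = 5500 WHERE emp_id = 1")
    conn.execute("SAVEPOINT sp1")
    conn.execute("UPDATE employee SET salary = 9999 WHERE emp_id = 1")
    conn.execute("ROLLBACK TO sp1")  # only the change after the savepoint is undone
    conn.execute("RELEASE sp1")
    conn.commit()  # the 5500 update is now durable
    after_savepoint = conn.execute("SELECT salary FROM employee WHERE emp_id = 1").fetchone()[0]
    conn.close()
    return after_rollback, after_savepoint
```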
Aggregation
Individual pieces of information are not sensitive on their own but become sensitive when combined.
Solution
Strictly control access to aggregate functions
Restrict users from accessing data directly; provide access through views
Inference
Combining available information to derive the desired result
Inferring information that cannot be obtained directly
Solution:
Access control
Content-based access control
Context-sensitive access control
Cell suppression
Techniques used to hide specific cells
Database partitioning
Splitting the database into separate parts
Noise and perturbation
Techniques for inserting false information into databases
Database views
Polyinstantiation (multiple instances, MRDBMS)
Creates multiple tuples with the same primary key, with the relationship between instances defined by security level
Deadlock
Other threats
database
Online Transaction Processing, OLTP
ACID principles
Atomicity
Either all changes are committed or the database is rolled back
Consistency
Follow database integrity, Ensure the consistency of data in different databases
Isolation
Transactions do not affect each other
Durability
Once committed, changes are permanent and cannot be rolled back
Online Analytical Processing, OLAP
OLAP is the main application of data warehouse systems
Suitable for decision-makers and senior managers
Data warehousing and data mining
To enable information retrieval and data analysis, Combine multiple databases or data sources into one large database
data mining
Classification: Grouping data based on common similarities
Probability: identify interdependencies between data and apply probabilities to their relationships
expert system
Rule-based programming
Rules are based on if-then logical units
composition
inference engine
The inference engine provides user interface, external file, plan and program access capabilities
knowledge base
Knowledge base contains data related to a specific problem or domain
Expert systems are often used by IDS to automatically review security logs
Artificial neural networks
Electronic model based on the neural structure of the human brain
The brain stores information in the form of patterns
When you learn something and use it often, The connection path to the information storage unit will be strengthened
Neural networks are programmed to have decision-making and learning capabilities. Improving its functionality through a process of extensive trial and error decision-making
Threats
Buffer overflow
Covert channel
Timing
Storage
Memory reuse/object reuse (Memory reuse/Object reuse)
social engineering
Trapdoor/Backdoor (Trapdoor/Backdoor)
spoofing attack (spoofing attack)
web security
Defacement (vandalism)
Replacing the published images and titles with modified ones
Perception and reality
Financial fraud
Fraudulent services and transactions in virtual environments
privileged access
Restrict access to privileged users
Stealing transaction information
theft of intellectual property
denial of service attack
specific security
Information gathering
Administrative interfaces
Authentication and access control
Configuration management
Input validation
Parameter validation
Session management
SAML
SAML (Security Assertion Markup Language) is an XML-based protocol and a federated identity standard. It is used to transmit authentication and authorization information between different security domains and can be used to implement single sign-on. Just as Kerberos relies on a KDC, SAML relies on an IdP (identity provider). SAML has a feature called policy enforcement.
OAuth2.0
OAuth (Open Authorization) is an open standard that lets users authorize third-party applications to access private resources (such as photos, videos or contact lists) stored on a website, without giving their username and password to the third-party application.
The original OAuth issued a token with a very long validity period (typically one year, or no expiry at all). In OAuth 2.0 the server issues a short-lived access token together with a long-lived refresh token. This lets the client obtain a new access token without the user having to authorize again, while limiting the validity period of the access token.
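As an added example (not from the original page), the following Python sketch of an OAuth 2.0 token endpoint shows the short-lived access token / long-lived refresh token split described above: the refresh grant mints a fresh access token without user interaction, an expired access token is rejected, and a refresh token cannot be presented as an access token. The token format (HMAC-signed JSON), the TTLs, and the client and scope names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed server-side signing key; a real authorization server keeps this in protected storage.
SERVER_KEY = secrets.token_bytes(32)
ACCESS_TTL = 15 * 60            # short-lived access token (seconds), assumed value
REFRESH_TTL = 30 * 24 * 3600    # long-lived refresh token (seconds), assumed value


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mint(claims: dict) -> str:
    """Serialize claims and append an HMAC-SHA256 tag so the server can detect tampering."""
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify(token: str, expected_typ: str, now: float) -> Optional[dict]:
    """Return the claims if the tag is valid, the token type matches and it has not expired."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = _unb64(body_b64)
        expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag_b64)):
            return None
        claims = json.loads(body)
    except (ValueError, TypeError):
        return None
    if claims.get("typ") != expected_typ or claims.get("exp", 0) <= now:
        return None
    return claims


def issue_tokens(user: str, client_id: str, scope: str, now: float) -> dict:
    """Token endpoint response after the user has consented once."""
    base = {"sub": user, "cid": client_id, "scope": scope}
    return {
        "access_token": _mint({**base, "typ": "access", "exp": now + ACCESS_TTL}),
        "refresh_token": _mint({**base, "typ": "refresh", "exp": now + REFRESH_TTL}),
        "token_type": "Bearer",
        "expires_in": ACCESS_TTL,
    }


def refresh(refresh_token: str, client_id: str, now: float) -> Optional[dict]:
    """grant_type=refresh_token: new access token without user interaction, same scope."""
    claims = verify(refresh_token, "refresh", now)
    if claims is None or claims["cid"] != client_id:
        return None
    return issue_tokens(claims["sub"], client_id, claims["scope"], now)


def resource_server_allows(access_token: str, needed_scope: str, now: float) -> bool:
    """Resource server check: valid, unexpired access token carrying the required scope."""
    claims = verify(access_token, "access", now)
    return claims is not None and needed_scope in claims["scope"].split()
```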
Mobile code
Java applet
Java source is compiled into bytecode, which the Java virtual machine converts into machine code the machine can execute.
The applet runs in a sandbox (the sandbox helps achieve least privilege and is an effective means of dealing with malicious code, as an alternative to antivirus software)
ActiveX control
Malicious code
Virus
Characteristics: replicates and causes damage; requires a host
Macro virus
Boot sector virus
Can delete data in the boot sector or relocate the boot sector
Compression virus
Attaches itself to an executable program and compresses it using the user's permissions
Stealth virus
Hides the changes it has made to files and boot records
Metamorphic virus
Makes a changed, but still functional, copy of itself
Uses noise or bogus instructions, mutation engines and random number generators to change the order of instructions and evade detection
Multipartite virus
Infects the hard drive boot sector and executable files simultaneously
Self-garbling virus
Evades detection by antivirus software by obfuscating its own code
Script virus
Tunneling virus
Installs itself underneath the antivirus program and intercepts the calls the antivirus software makes when detecting viruses
worm
Can self-replicate without a host
Distributed through emails, website downloads, etc.
Botnet
A bot is a type of malware, a latent code
Trojan horse
A program disguised as another program
rootkit
logic bomb
A logic bomb is executed when a specific event occurs
anti-virus software
Signature-based detection
Heuristic detection: detects abnormal behavior
Suspiciousness counter
Some antivirus software creates a sandbox to dynamically analyze suspicious code
Classification:
Reviewing information about a piece of code is called static analysis
Allowing part of the code to run in a virtual machine is called dynamic analysis.
Immunization program
Targets a specific virus and makes it believe the system is already infected.
Behavior blocker
Antivirus program
Protect against viruses through administrative, physical and technical methods
Spam detection
Bayesian filtering
Denial of service (DoS) attack (may look like normal activity)
Features
Consume victim's network bandwidth
Consume the victim's resources
Classification
Smurf attack
Exploits flaws in the ICMP protocol
Fraggle attack
Exploits flaws in the UDP protocol
Smurf and Fraggle both exploit protocol flaws and are examples of using an amplification network to launch a DoS attack
SYN flood attack
Exploits the three-way handshake of a TCP connection
The connection queue limit is exceeded
Teardrop attack
Exploits a packet fragment reassembly design flaw by sending very small fragmented packets
Distributed denial of service (DDoS) attack
Sinkhole routing is one way to deal with DDoS
Evaluate the effectiveness of software security
Certification and accreditation
effect
Embed information security capabilities into federal information systems through the application of best practice management, operational, and technical security controls.
Maintain awareness of the security status of information systems through continuous strengthening of monitoring processes
Providing important information for senior leadership to drive decisions, including acceptance of risks to the organization's operations and risks to assets, individuals, other organizations, or countries arising from the use and operation of information systems;
Auditing and logging of changes
Information audit function
Audit procedures assist in detecting any unusual activity
The audit level and audit type depend on the audit requirements of the installed software and the sensitivity of the data processed or stored by the system.
System resources should be protected when available
The role of log auditing
The need to establish a baseline
Performance of different servers and systems
Application functions and operation and maintenance issues
Effective intrusion detection
forensic analysis
Comply with various laws and regulations
Integrity of information
The application compares or reconciles what is processed with what is expected to be processed
Compare totals
Check serial number
accuracy of information (application control)
Check input accuracy: data validation and verification checks should be built into the appropriate applications
Character checks: compare input characters to the expected character types, such as digits or letters
Range checks: validate input data against predefined upper and lower bounds
Relationship checks: compare the input data to the data in the master record file
Reasonableness checks: compare input data to expected standards; another form of integrity check
Transaction limits: check input data against the limits set by management for the transaction.
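As an added example (not part of the original notes), this Python code applies the application controls listed above to a constructed transaction record: character, range, relationship (master file lookup), reasonableness and transaction-limit checks, plus the batch total and serial-number checks from the information integrity section. The master file, bounds and limits are constructed sample values.

```python
import re

# Constructed master record file: what a relationship check looks up.
MASTER_ACCOUNTS = {
    "10023": {"holder": "Ada", "typical_amount": 200.00, "daily_limit": 1000.00},
    "10087": {"holder": "Bob", "typical_amount": 50.00, "daily_limit": 300.00},
}
AMOUNT_MIN, AMOUNT_MAX = 0.01, 5000.00   # range-check bounds for this transaction type (assumed)
REASONABLE_MULTIPLIER = 10               # reasonableness: flag > 10x the holder's typical amount


def validate_transaction(txn: dict, spent_today: float) -> list:
    """Return the names of the checks that failed; an empty list means the record is accepted."""
    failures = []
    acct = txn.get("account", "")
    # Character check: account numbers are exactly five digits; amount must parse as money
    if not re.fullmatch(r"\d{5}", acct):
        failures.append("character")
    try:
        amount = float(txn.get("amount", ""))
    except ValueError:
        if "character" not in failures:
            failures.append("character")
        return failures  # nothing further can be checked without a numeric amount
    # Range check against predefined upper and lower bounds
    if not (AMOUNT_MIN <= amount <= AMOUNT_MAX):
        failures.append("range")
    # Relationship check: the account must exist in the master record file
    master = MASTER_ACCOUNTS.get(acct)
    if master is None:
        failures.append("relationship")
        return failures
    # Reasonableness check against the holder's expected pattern
    if amount > master["typical_amount"] * REASONABLE_MULTIPLIER:
        failures.append("reasonableness")
    # Transaction limit set by management (daily total including this transaction)
    if spent_today + amount > master["daily_limit"]:
        failures.append("transaction_limit")
    return failures


def batch_controls(batch: list, expected_total: float, expected_count: int) -> dict:
    """Output integrity: compare totals and check that serial numbers are contiguous and unique."""
    total = round(sum(float(t["amount"]) for t in batch), 2)
    serials = [t["serial"] for t in batch]
    gaps = [s for s in range(serials[0], serials[-1] + 1) if s not in serials] if serials else []
    return {
        "total_matches": total == round(expected_total, 2),
        "count_matches": len(batch) == expected_count,
        "serial_gaps": gaps,
        "serial_duplicates": sorted({s for s in serials if serials.count(s) > 1}),
    }
```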
Risk analysis and mitigation
Risk Management
Risk management is an ongoing process that spans the entire project life cycle
The risk management process includes risk planning, identification, analysis, monitoring and control
The identification of risks begins before the project is initiated, and the number of risks increases as the project matures.
Risk documentation process includes risk mitigation and continuity planning
Risk reduction steps can reduce the likelihood of an event occurring. Risk mitigation will incur costs and requires a cost-benefit analysis;
Continuity planning or a series of activities undertaken at or before an event occurs. Planning may be pre-emptive activities before a risk occurs or activities after a risk occurs.
Risk Analysis and Mitigation Strategies
Integrate into the SDLC process as well as the organization’s change management process
Use standardized risk assessment methods and report risks to stakeholders
Track and manage weaknesses identified during assessment, change management and ongoing monitoring
Corrective actions - patch management
Basic setup
Research
Compare MD5 fingerprints and digital signatures
File integrity check
Assessment and testing
Test patches in a test environment
Mitigation ("rollback")
Deployment ("rollout")
Deploy first on less critical systems
Validation, reporting and logging
Patch update log: record and archive
Test and verify
Implementing risk control measures requires testing
Security assessors or other independent entities verify and confirm the vulnerabilities that require verification
In large organizations
Independent verification and validation (IV&V) teams determine whether security issues and vulnerabilities have been resolved
Developers and system owners cannot authorize declarations that risks have been mitigated without the consent of an independent entity
Code signing
Code signing is a technique used to ensure the integrity of code, identify who developed that code, and determine what the developer intended that code to be used for.
Code signing certificates and digital certificates help users avoid downloading tampered files or applications
When code is signed it can determine the authenticity of the code and detect if it has been modified by someone other than the developer.
Code signing is used for
Ensure the code has not been modified
Identify the source of the code (developer or signer)
Determine whether code deserves trust for a specific goal
Code signing consists of three parts
Seals, digital certificates and unique identifiers
What code signing can’t do
Does not guarantee that the code is free from security vulnerabilities
Does not guarantee that the app will not load unsafe or altered code (such as a plug-in) during execution
Not a digital rights management (DRM) or copy protection technology
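An added Go example, not code from the mind map or from any CISSP material, that ties together the patch-management file integrity check (fingerprint comparison) and the code-signing properties listed above. It uses Ed25519 from Go's standard library for the signature and SHA-256 for the fingerprint; SHA-256 stands in for the MD5 mentioned in the patch-management node because MD5 is collision-prone and should not be relied on for integrity. The artifact, the "tampered" edit and the idea that the public key alone identifies the developer (a real deployment binds it to an identity with a certificate) are all simplifying assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Signer stands in for the developer or signing authority holding the private
// key. Assumption for this example: the public key itself is the identity;
// in practice a certificate binds the key to the developer's name.
type Signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{pub: pub, priv: priv}, nil
}

// Public returns the verification key that would be distributed to users.
func (s *Signer) Public() ed25519.PublicKey { return s.pub }

// SignCode produces the detached signature shipped alongside the artifact.
func (s *Signer) SignCode(code []byte) []byte { return ed25519.Sign(s.priv, code) }

// VerifyCode answers the two code-signing questions from the text: was this
// exact code signed by the holder of pub (source), and is it unmodified
// (integrity)? Any change to code or any other signer makes this return false.
func VerifyCode(pub ed25519.PublicKey, code, sig []byte) bool {
	return ed25519.Verify(pub, code, sig)
}

// Fingerprint is the hex SHA-256 digest a patch-management process records
// for an approved patch and later compares against what was actually installed.
func Fingerprint(code []byte) string {
	sum := sha256.Sum256(code)
	return hex.EncodeToString(sum[:])
}

// IntegrityMatches is the file integrity check: recompute and compare.
// Unlike a signature, a bare digest proves nothing about who produced the
// file, only that it matches the published value.
func IntegrityMatches(code []byte, published string) bool {
	return Fingerprint(code) == published
}

func main() {
	dev, err := NewSigner()
	if err != nil {
		panic(err)
	}
	code := []byte("print('hello')\n") // constructed artifact
	sig := dev.SignCode(code)
	published := Fingerprint(code)

	tampered := []byte("print('hello')\n# edited after signing\n")
	other, _ := NewSigner()

	fmt.Println("original verifies:     ", VerifyCode(dev.Public(), code, sig))                  // true
	fmt.Println("tampered verifies:     ", VerifyCode(dev.Public(), tampered, sig))              // false
	fmt.Println("other signer accepted: ", VerifyCode(dev.Public(), code, other.SignCode(code))) // false
	fmt.Println("fingerprint matches:   ", IntegrityMatches(code, published))                    // true
	fmt.Println("tampered fingerprint:  ", IntegrityMatches(tampered, published))                // false
}
```

Note what the example does not check: a signature over code that contains a bug or an insecure plug-in loader verifies just as cleanly as one over correct code, which is the "what code signing can't do" point above. Signing attests to source and integrity of the bytes, not to their safety.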
Regression and Acceptance Testing
Testing considerations
Test bugs quickly
Observe the side effects of patching
Write a regression test plan for each bug fix
If two or more tests are similar, determine which one is less efficient and discard it
Identify test plans and continuously deliver and document them
Focus on functional issues rather than design
Determine changes to data, regardless of size, and find any resulting corruption
Track the impact of changes on program memory
Regression Testing
The most effective approach is a test library based on a pool of standard test cases that can be run every time a new version is built
The difficulty in building a test library is determining what test cases to include
Automated tests and test cases also involve boundary conditions and timing, which all belong to the test library.
Automated testing is cost-effective and efficient when enough variables are integrated as part of a complex testing methodology
Acceptance Testing
Formal testing performed to determine whether a system meets its acceptance criteria and to enable the customer to determine whether to accept the system
In agile development, acceptability tests/criteria are typically established by the business customer and described in the language of the business domain
SwA (Software Assurance) phases: ensure that software developed or purchased meets security requirements. SAMM (Software Assurance Maturity Model) is a framework used to design software that is secure and tailored to an organization's specific risks.
Planning phase
Obtain the identified requirements for software services or products, identify potential alternative software approaches, and identify the risks of each alternative
Development requirements are included in the statement of work
Establish acquisition strategies and include identification of risks associated with various software acquisition strategies
Develop evaluation criteria and evaluation plan
Bidding phase
Create/issue a Request for Proposal (RFP) with a description of the work, offeror description, terms and conditions, pre-qualification and certification
Evaluate proposals submitted by suppliers in response to Request for Proposal (RFP) or Invitation to Tender (ITT)
Complete contract negotiations including changes to terms and conditions
Monitoring and Acceptance Phase
This stage is mainly about monitoring the supplier's work and accepting the final service or product delivery as agreed in the contract.
Establish and agree to contract work schedule
Implement change control procedures
Review and accept software deliverables
Follow-on phase
Sustainment (including risk management, assurance use case management and change management)
Disposal and decommissioning
In subsequent phases, software risks must be managed through continuous assurance use case analysis and adjusted to reduce risk
Security professionals must ensure that there are well-documented SwA policies and procedures in place across the enterprise
Unintentional errors lead to faulty operation
Deliberately inserting malicious code
Steal important or sensitive information
Stealing personal information
Alter products, insert agents or corrupt information